Integrations · Remote desktop & VDI

MFA in front of every session.

Remote desktops concentrate risk: one stolen password opens a full Windows session. Mideye adds a second factor at the gateway, the broker, or the Windows host itself, over standard RADIUS or natively at the logon screen.

  • Gateway or host level
  • Citrix & VMware via RADIUS
  • Native option for RDP

Step-by-step guides

Your platform, documented.

Gateway-level integration guides for the major remote desktop and VDI platforms.

Microsoft RDS

  • Remote Desktop Services 2016 / 2019 / 2022
  • Touch-Accept on session launch
  • RDS behind ADFS and Web Application Proxy
RDS with Touch-Accept guide

Citrix

  • NetScaler / ADC as RADIUS client
  • Covers Citrix Virtual Apps & Desktops
  • Standard and load-balanced setups
Citrix ADC guide

VMware & others

  • VMware Horizon View via RADIUS
  • Apache Guacamole via RADIUS
  • Same standard pattern as any RADIUS client
RADIUS reference

Beyond the gateway

Direct RDP is the gap. Close it at the host.

Mideye Credential Provider, early access.

Gateway MFA only sees sessions that pass through the gateway. Lateral RDP between servers, admin sessions from inside the network, and console logons never do. The Mideye Credential Provider runs on the Windows host itself and requires a second factor on every RDP and console logon, whatever path the connection took.

FAQ

Frequently asked questions.

How do I add MFA to Microsoft Remote Desktop Services?

Two ways. At the gateway: RDS with Web Application Proxy authenticates through ADFS, where the Mideye module adds the second factor before a session is brokered. At the host: the Mideye Credential Provider prompts for MFA at the Windows logon screen itself, covering direct RDP as well.

Does Mideye work with Citrix?

Yes. Citrix NetScaler / ADC authenticates users over RADIUS, so Mideye drops in as the authentication server, covering Citrix Virtual Apps and Desktops behind it. We publish guides for both the standard and load-balanced ADC setups.

What about direct RDP connections that bypass the gateway?

Gateway-level MFA only protects sessions that pass through the gateway. The Mideye Credential Provider closes the gap: a native credential provider on each Windows host that requires a second factor on every RDP and console logon, whatever path the connection took.

Protect your remote sessions.

Tell us how your users connect, and we will map gateway-level and host-level MFA with your team.